andre5oto
commented
1 year ago MFA enforcement for Heroku will take effect on January 10, 2023. All users who log in directly to the Heroku Dashboard or Heroku CLI will be required to use an MFA verifier along with their username and password. If you haven't registered an MFA verifier by January 10th, you will be prompted to do so before accessing the Dashboard or CLI.
An email notification was sent on December 6 reminding users who have not yet registered an MFA verifier to do so before the January 10th enforcement date.
Motivation On their own, usernames and passwords no longer provide sufficient protection against cyberattacks. That’s where MFA comes in. It’s one of the simplest, most effective ways to prevent unauthorized account access and safeguard your data and your customers’ data. We’re requiring customers to enable MFA to help mitigate the risks stemming from threats like phishing attacks, credential stuffing, and compromised devices.
Details The date when multi-factor authentication becomes a permanent part of the Heroku login experience is on the horizon. The MFA enforcement milestone was originally scheduled for June 1, 2022 but will now occur on a yet-to-be-determined date between January 9 - 31, 2023. Rest assured you’ll get at least 30 days notice before we enforce MFA for users who log in directly to the Heroku Dashboard or Heroku CLI.
Reference Heroku Multi-Factor Authentication FAQ MFA Enforcement Roadmap